Organizational Compliance on Security Measurements

INSTITUTIONAL AFFILIATION:

INSTRUCTOR’S NAME:

STUDENT’S NAME:

COURSE CODE:


  I. Identify how negotiations between organizations and accreditors should be dealt with and provide an example.

Organizations and their accreditors are required to cooperate with the aim of maintaining ethical and legal standards in the organization. This cooperation takes the form of negotiation, in which the organization and its accreditors come to their best terms, leading to credibility and development. Negotiations can be used to enhance integrity among the management and the auditors, as they allow all the parties to express their views and thus allow all the teams to come to a clear and concise conclusion (Jiang et al., 2021).

Negotiations between the accreditors and the organization should be transparent and open to all sides, and they should focus on expressing the challenges faced by each side so that the organization can meet its compliance requirements. After negotiations, all the key points should be documented so that the impact of the agreed changes on the organization can be monitored. Successful negotiations can be documented in the organization's proposed mitigation controls, as they can help reduce the risks associated with non-compliance. For example, if an accreditor finds that a control cannot be implemented as specified, the organization can negotiate a compensating control and an agreed deadline, and record both in its mitigation plan.

  II. Discuss the appropriate response strategies that should be put into action.

Breach notification policies are essential to an organization's cyber security, as they define how the occurrence of a breach is identified and how it can be contained to prevent the loss of more information. Breach notification allows the organization to notify customers and employees about a data breach so that they can take action within the shortest time possible to limit its impact. Appropriate response strategies that can be put into action in an organization include containment and mitigation, notification, remediation, and review and evaluation as the last step.

Containment and mitigation is the first step; it involves isolating the affected systems and restricting access to limit the scope of the breach. Notification is one of the most important steps, as it lets business stakeholders know about the breach and the actions they can take to protect their personal information. Remediation allows the organization to patch the vulnerabilities that might have led to the breach, making it harder for intruders to get into the organization. Review and evaluation is the last step; it seeks to identify the areas to improve to prevent such incidents in future. Effective breach notification policies can be critical in responding to data breaches and in preventing such incidents from recurring.

  III. Explain employee training recommendations to create awareness of the organization's security requirements.

Training employees to create awareness is considered a critical component of cyber security, as it makes employees aware of the cyber security policies and thus helps maintain the security of the data stored in the organization's information systems. Whenever the security team is training employees about security, it should always begin with the basics, such as why strong security matters to the organization and how employees can improve security in their own work (Chowdhury et al., 2021).

The security team can then make the training more engaging by simulating real-world threats, which makes the training more memorable to the employees. The training should also emphasize the importance of reporting security incidents and how employees should act as soon as they identify one. Lastly, the security team can help employees test their knowledge with quizzes and phishing simulations to see how they respond when they recognize an attack.

  IV. How to obtain feedback on the effectiveness of security policies from stakeholders?

Obtaining feedback on the effectiveness of security policies from stakeholders is a critical part of an organization's efforts to enhance its cyber security. Organizations can obtain this feedback by identifying the stakeholders impacted by the security policies, developing an effective feedback mechanism, asking specific questions about the security controls, and then analyzing the feedback in order to take action. An example of an organization that should obtain feedback on the effectiveness of its security policies is one conducting online banking, as it needs to understand its stakeholders' views and come up with strategies for enhancing its security policies (Kumar et al., 2019).

V. How to identify new threats, vulnerabilities and risks that I might have encountered after the initial security measures were first implemented

In the organization where I worked, we used threat intelligence, which identified and analyzed potential threats to the organization. Threat intelligence monitors the current threats in the market and identifies the potential ways that can be used to eliminate a threat as soon as it is identified in the organization's systems.

Threat intelligence systems can be used to help the security teams understand the risks the organization is likely to face and the ways in which it can protect itself. They allow the organization to stay ahead of potential attackers while ensuring that its stored data is safe, thus managing risks effectively if they are encountered.

VI. Identify mechanisms to adapt to threat intelligence, which identifies new and overlooked vulnerabilities, threats, and countermeasures.

Mechanisms that can be used to maintain a strong security posture within an organization include conducting regular scans of the organization's resources, creating an incident response plan, using threat intelligence sharing systems, using continuous threat monitoring systems, and lastly, making use of reporting and communication systems. Regular scans can be used to identify emerging vulnerabilities in an organization, and whenever vulnerabilities are identified, the organization should follow its incident response plan. Threat intelligence sharing systems allow particular departments to understand threat trends, thus allowing action to be taken within the shortest time possible and minimizing the impact of the risks associated with the threat (Song et al., 2021).

VII. How stakeholders identified by threat intelligence should be notified about a threat and provide an example of the notification methods.

Organizations with different types of stakeholders can opt to use different notification systems, depending on the threat and its impact on each stakeholder group. For instance, operational managers should be notified about the breach by email, pointing out the impact of the threat and the recommended actions. The organization can use text messages (SMS) to reach stakeholders or customers who might not be in their offices and do not have access to their email (Song et al., 2021).

The organization can use in-app notifications to notify all users about the breach, so that they learn about the security alert as soon as they launch the application. It can use in-person briefings to give members detailed instructions about the breach. Lastly, it can use public announcements, including social media platforms, radio and television, to inform the public about the security breach.

VIII. Identify organization management techniques for responding to new challenges.

Different organizations use different management techniques, and it is always crucial to adopt effective policies for responding to new challenges. Techniques that can be used to respond to new challenges include developing an effective risk management plan to identify potential risks and vulnerabilities, developing an incident response plan, and training employees on the impact of cyber security. The organization can also prioritize compliance monitoring and compliance management to meet requirements set by regulations such as the General Data Protection Regulation (GDPR).

IX. Define and apply the NIST cyber security framework functional areas, implementation tiers and profiles.

The National Institute of Standards and Technology (NIST) cyber security framework provides guidance for organizations to manage and reduce cyber security risk. The NIST framework is composed of three functional areas, which include identification, protection, detection, response and recovery. Implementation tiers are applied to guide organizations on the actions to take to improve their cyber security posture (Taherdoost, 2022).

The NIST framework is made up of four implementation tiers, which describe the degree to which the identified functions are implemented: partial, risk informed, repeatable and adaptive. NIST has also defined profiles, which are used to align the cyber security functions and implementation tiers with the organization's objectives, risk tolerance and resources. Profiles are applied so that the implementation tiers and functional areas fit the organization, thus enhancing its security policies.

X. Describe how to develop a business continuity plan to prevent and recover from failures in the system.

Business continuity plans are critical components of an organization, as they help it recover after a system failure. It is always essential to develop a strategic business continuity plan that provides a structured recovery process after a system failure. Some of the steps that can be used in developing a business continuity plan include:

  • Defining the scope: This step defines the systems to be covered by the business continuity plan, and it also minimizes the disruption of critical business functions to reduce the impact.

  • Conducting an impact analysis: This step identifies critical processes and functions performed by the business and analyses the potential impact associated with the disruption of these services.

  • Developing a response plan: This step defines the steps that are to be considered when responding to the system failure, and it includes the parties responsible for each step and the resources required to mitigate the impacts.

  • Developing a recovery plan: The recovery plan is composed of the steps that are to be taken to recover the system in case of a system failure. This strategy should focus on how the recovery of data, systems and processes should take place after the failure.

  • Testing the business continuity plan: After the plan has been developed, it should be tested to confirm that it enables effective recovery from system failures. Regular tests should be conducted to identify weaknesses in the systems.

  • Maintaining the business continuity plan: Maintenance should be carried out on the business continuity plan to ensure it is kept up to date with the activities taking place in the organization and that all personnel are aware of it.


References:

Chowdhury, N., & Gkioulos, V. (2021). Cyber security training for critical infrastructure protection: A literature review. Computer Science Review, 40, 100361.

Jiang, J. X., Polsky, D., Littlejohn, J., Wang, Y., Zare, H., & Bai, G. (2021). Factors associated with compliance to the hospital price transparency final rule: A national landscape study. Journal of General Internal Medicine, 1-8.

Kumar, R., & Goyal, R. (2019). On cloud security requirements, threats, vulnerabilities and countermeasures: A survey. Computer Science Review, 33, 1-48.

Song, S., Wu, Q., Zheng, X., Wang, P., Dou, Y., Li, Z., & Zhai, L. (2021, October). Focus on the Stability of Large Systems: Toward Automatic Prediction and Analysis of Vulnerability Threat Intelligence. In 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC) (pp. 445-449). IEEE.

Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards: A review and comprehensive overview. Electronics, 11(14), 2181.